virtualizer: enforce maximum system resources a virtual machine may use

Information

ID: 12
PHID: PHID-TASK-igsd5s4aupeexzb2hajg
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal

Description

An adversary could stress CPU, HDD, RAM and/or the network connection, and other Whonix-Workstations and perhaps also the host would suffer. This is bad:

  • attacks on anonymity when using multiple workstations (whether behind same gateway or not)
  • host DDoS

Virtual machines (VMs) can use an unlimited amount of resources, i.e.:

  • CPU load
  • network load
  • I/O (HDD) load
  • graphic calculation load
  • (RAM load?)

This might happen because some application inside a VM has a bug and starts draining resources or because a VM has been compromised.

Ideally the virtualizer on the host would enforce maximum system resources the VM may use.

This ticket is a reminder to implement this protection for all virtualizers supported by Whonix some day.

If someone wants to implement this feature for a particular virtualizer, please create a subtask to keep things separated.

Related:
T530
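An added example, not part of the ticket or of Whonix code: a check that reports which of the resource classes listed above have no host-side cap in a VM definition. The ticket names no virtualizer, so the libvirt domain XML format is an assumption, and the sample domain and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the ticket): CPU and disk are capped,
# the network interface and the RAM hard limit are not.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>example-workstation</name>
  <memory unit='KiB'>2097152</memory>
  <cputune><period>100000</period><quota>50000</quota></cputune>
  <devices>
    <disk type='file' device='disk'>
      <target dev='vda' bus='virtio'/>
      <iotune><total_bytes_sec>52428800</total_bytes_sec></iotune>
    </disk>
    <interface type='network'>
      <source network='example-internal'/>
    </interface>
  </devices>
</domain>
"""

def positive(elem):
    """True if the element exists and holds an integer greater than zero."""
    return elem is not None and (elem.text or "").strip().isdigit() and int(elem.text) > 0

def missing_limits(domain_xml):
    """Return the resource classes from the ticket that have no host-side cap."""
    root = ET.fromstring(domain_xml)
    gaps = []
    # CPU: a quota caps vCPU runtime per period; a missing or negative quota is unlimited.
    if not positive(root.find("cputune/quota")):
        gaps.append("cpu")
    # RAM: <memory> sizes the guest; memtune/hard_limit caps what the VM may use on the host.
    if not positive(root.find("memtune/hard_limit")):
        gaps.append("ram")
    # Disk I/O: every disk needs at least one numeric throttle value inside <iotune>.
    for disk in root.findall("devices/disk"):
        if not any(positive(e) for e in disk.findall("iotune/*")):
            target = disk.find("target")
            gaps.append("io:" + (target.get("dev", "?") if target is not None else "?"))
    # Network: every interface needs both an inbound and an outbound average rate.
    for n, nic in enumerate(root.findall("devices/interface")):
        rates = [nic.find("bandwidth/" + d) for d in ("inbound", "outbound")]
        if not all(r is not None and int(r.get("average", "0")) > 0 for r in rates):
            gaps.append("net:%d" % n)
    return gaps

if __name__ == "__main__":
    print(missing_limits(SAMPLE_DOMAIN))
```

Graphics load is not covered because this sketch checks only the CPU, memory, disk and interface elements.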

Comments


HulaHoop

2015-05-25 01:16:14 UTC


HulaHoop

2015-06-07 15:52:15 UTC


Patrick

2016-11-11 14:45:00 UTC


HulaHoop

2016-11-11 23:20:08 UTC


Patrick

2016-11-12 02:22:12 UTC


HulaHoop

2016-11-19 04:39:21 UTC


Patrick

2016-11-19 17:51:30 UTC


HulaHoop

2016-11-20 15:16:05 UTC


Patrick

2016-11-20 16:07:43 UTC


HulaHoop

2016-11-27 23:18:37 UTC


Patrick

2019-12-22 08:26:44 UTC


madaidan

2019-12-23 19:54:30 UTC